安全混沌工程实战

v20260317

implementing-security-chaos-engineering

通过故意破坏安全控件（如开放安全组、禁用 CloudTrail、创建管理员账号、扰乱日志管道、部署测试恶意 hash）来执行安全混沌实验，验证 SOC 的检测、告警和响应能力。

实施安全混沌工程

获取技能

327 次下载

概览

Implementing Security Chaos Engineering

Instructions

Design and execute security chaos experiments that intentionally break security controls to verify that detection, alerting, and response systems work correctly.

# Example: Verify detection when a security group is opened
import boto3
ec2 = boto3.client("ec2")

# Chaos experiment: temporarily add 0.0.0.0/0 rule
ec2.authorize_security_group_ingress(
    GroupId="sg-12345",
    IpProtocol="tcp", FromPort=22, ToPort=22,
    CidrIp="0.0.0.0/0",
)
# Verify: does GuardDuty/Config alert fire within SLA?
# Rollback: remove the rule after verification

Key experiments:

Open a security group and verify Config Rule alerts
Disable CloudTrail and verify detection time
Create IAM admin user and verify alert triggers
Simulate log pipeline failure and check monitoring gaps
Deploy test malware hash and verify EDR response

Examples

# Rollback function for safe experiment execution
def run_experiment(setup_fn, verify_fn, rollback_fn, timeout=300):
    try:
        setup_fn()
        result = verify_fn(timeout)
    finally:
        rollback_fn()
    return result

信息

Category 编程开发

Name implementing-security-chaos-engineering

版本 v20260317

大小 8.44KB

Source mukul975/Anthropic-Cybersecurity-Skills

更新时间 2026-03-18